Independent biometric identification system

ABSTRACT

The inventive data processing system and method enable verifiable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable verification of identities of parties sending and receiving secured information, and ensuring that only an authorized receiving party gains access to the secured information, regardless of the type, model, ownership and/or quantity of biometric identity verification (BIV) systems being utilized by each party. Parties desiring to securely transfer information between one another register at a central security management system, and each provide at least one biometric enrollment to their unique record configured for storing multiple BIV system enrollments for each party. The inventive system and method also provide an adaptive enrollment feature which enables the system to function automatically and transparently with new BIV systems that have not been previously enrolled by the user.

CROSS REFERENCE TO RELATED APPLICATIONS

The present patent application is a continuation-in-part of, and claims priority from, the commonly assigned co-pending U.S. patent application Ser. No. 11/430,130 entitled “SYSTEM AND METHOD FOR PLATFORM-INDEPENDENT BIOMETRICALLY VERIFIED SECURE INFORMATION TRANSFER AND ACCESS CONTROL”, which in turn claims priority from the commonly assigned co-pending U.S. Provisional patent application Ser. No. 60/792,365, entitled “SYSTEM AND METHOD FOR PLATFORM-INDEPENDENT BIOMETRICALLY SECURE INFORMATION TRANSFER”, filed Apr. 14, 2006, and which is also in turn a continuation-in-part of, and claims priority from, the commonly assigned co-pending U.S. patent application Ser. No. 11/332,017 entitled “MULTIPLATFORM INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM” filed Jan. 11, 2006, which in turn is a continuation-in-part of, and claims priority from, the commonly assigned U.S. Pat. No. 6,993,659 entitled “INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM” filed Apr. 23, 2002.

FIELD OF THE INVENTION

The present invention relates generally to a system and method for biometrically verifying and securing the transfer of information between two or more parties, and more particularly to a system and method for providing various advantageous, biometrically-enhanced platform-independent features to the process of information transfer between two or more parties.

BACKGROUND OF THE INVENTION

In the last decade, the rapidly decreasing cost of computers, coupled with simultaneous performance gains, as well as the growing availability of inexpensive access to high speed telecommunications, have resulted in a dramatic jump in the installed base of computers and broadband telecommunication connections both in consumer and commercial areas.

The proliferation of computers and low-cost high-speed telecommunications also led to an ever-growing increase in the amount of information exchanged between various parties, within and between circles of individuals ranging from social groups (friends, family), to government, educational and corporate organizations.

In addition, the explosive growth of versatile personal communication devices (such as, for example, cellular telephones equipped with a myriad of functions) has arguably eclipsed the above-noted rise in availability of computers with high speed telecommunication connections. With each month, new personal communication options become available to consumer and organizational users, most often embodied in mobile telephones that are smaller, more powerful, and with a more impressive list of features, than comparable models released mere weeks ago.

Not surprisingly, these trends have led to an unprecedented escalation in demand for solutions related to secure transmission of information between various parties (e.g., electronic data transmissions, voice communications, etc.), and also for solutions related to controlling access to secured stored content (e.g., ranging from personal information, such as photographs, to content generated and owned by corporate, government and educational organizations).

For decades, and continuing to present day, the primary solution to securing transmission of information between parties using electronic devices has been to enable the sending party to encrypt transmitted information, and, at the same time, provide the receiving party with the ability to decrypt and access the sent information. One popular approach to securing electronic data transmission involves the use of PGP (or “pretty good privacy”) encryption, with appropriate PGP keys being exchanged between the parties prior to data transmission, and later used to achieve encryption, and subsequent decryption, of transmitted data. Similar security measures have also been the typical approach taken to secure access to stored content, where the access to content (encrypted or otherwise) is controlled by a password, or other form of access code, provided to the party authorized to gain access thereto.

However, the above solutions have significant drawbacks. First, and most important, is the fact that none of the previously known encryption techniques enabled the parties involved in information transfer therebetween to authenticate the identity of the party sending the information, as the source of the transmission, and also to authenticate the identity of the recipient, to confirm that the transmitted information was accessed by the specific identified party to which it was addressed, rather than by anyone having access to the receiving party's communication device and/or access code (e.g., username/password).

The same challenge is present in the field of content access control, where anyone can use a stolen, or otherwise misappropriated, access code (e.g., username/password) to gain unauthorized access to secured content. Additionally, the process of exchange, and/or provision, of PGP key information, is complex and cumbersome—a deterrent to the use of conventional encryption/decryption technologies for most parties outside government and corporate sectors.

One attempt to address the above challenges was the proposed utilization of biometric access control systems by the sending and receiving party to authenticate the identity of the sending and receiving party. The use of biometric technologies has previously gained some acceptance in the field of content access control. Therefore, the application of such technologies to the goal of securing data transmission was a reasonable approach.

Biometrics is a field of technology aimed at utilizing one or more unique personal characteristics of an individual, ranging, for example, from their fingerprints to their hand vein pattern, odor, iris image, or their DNA, to authenticate their identity. Biometric technologies are typically of two types—passive and active. Passive biometrics do not require the individual whose identity is being verified to do anything other than to enable a certain biometric characteristic to be acquired by the system (e.g., by placing a finger on a fingerprint scanner, by looking into a retinal scanner, or by looking in the direction of a facial scanner). Active biometrics require the individual whose identity is being verified to perform one or more predetermined actions in order to enable the system to acquire the representation of one or more appropriate biometric characteristics (e.g., by providing a signature, by speaking, by squeezing a certain object, etc.). Certain types of biometric systems may incorporate a combination of active and passive biometric approaches. The various types of biometric systems are discussed in greater detail in the commonly assigned co-pending U.S. patent application Ser. No. 11/332,017 entitled “MULTIPLATFORM INDEPENDENT BIOMETRIC IDENTIFICATION SYSTEM”, which is hereby incorporated by reference herein in its entirety.

While certainly appearing to address one of the key challenges of securing information transfer, biometric access control systems suffer from a number of serious disadvantages that have prevented their widespread use, and that have effectively stunted their growth in most areas outside of physical access control and local computer access control applications. To understand these disadvantages, it is useful to provide an overview of previously known biometric access control system operations.

A biometric access control system (also interchangeably referred to herein as “biometric identity verification system”), typically includes two main components—a physical device of some sort to actively, and/or passively, acquire predetermined biometric information, and program instructions (such as a software application, embedded in the device, installed on the computer connected to the device, or a combination of both), for managing the operation of the device, and for providing biometric recognition technology that enables utilization of the device to authenticate the identity of one or more individuals previously “enrolled” in the system when the individual presents the appropriate biometric information to the device.

Each individual authorized to use a biometric access control system is first “enrolled” (i.e., registered) in the system, so that the system can acquire particular biometric information from the individual in accordance with a predetermined enrollment protocol (for example, requiring the individual to provide the same, or similar, biometric information several times, etc.). The acquired biometric enrollment information is then transformed, in accordance with one or more proprietary technologies, into a “recognition template” (or equivalent logical data structure), representative of the acquired biometric information, and then optionally optimized for use with the appropriate biometric recognition algorithms.

During a later authentication attempt, biometric information of the same specific type as was originally enrolled (e.g., left index finger fingerprint, right iris, etc.) is presented to the biometric device, then acquired and transformed into a template, and finally compared to the enrolled stored recognition template, to determine a match, in accordance with one or more recognition criteria (for example a “recognition threshold”, representative of the allowable degree of difference between the enrolled template, and the presented template, for successful authentication thereof), and therefore to authenticate the identity of the presenting individual. The two main reasons for using stored recognition templates are: (1) as a requirement for using biometric recognition algorithms during the authentication process; and (2) to ensure that actual acquired biometric information is never stored, for security purposes.

The key disadvantage, crippling the use of biometrics as a broad scalable secure information transfer and access control solution, has been the combination of (1) availability of several hundred different biometric devices of various types flooding the market (with the amount of devices growing each year) and (2) the fact that in a vast majority of cases, the available biometric devices, even of the same type (e.g., fingerprint scanners) are incompatible with one another. Each of these devices uses its own biometric software (although several device manufacturers share a similar core biometric information acquisition device and biometric recognition algorithms), and during enrollment creates a biometric recognition template specific to the device. In addition, the enrollment recognition template may be stored in the biometric device, in the computer to which the device is connected, in a different computer connected thereto, or in one or more of the above, depending on the device model. As a result, the enrolled individual must always utilize the specific type and model of biometric device and the specific computer (or computer network) where they originally enrolled.

Another devastating shortcoming of previously known biometric systems, flowing from general incompatibility of biometric devices from different manufacturers, is the fact that without any clear unifying standard, the only way for parties to truly use a biometric technology solution for verifying the identity of the sending and/or receiving party, and for securing information transfer therebetween (as opposed to using biometrics as a password replacement supplement to conventional security measures), is for all parties to acquire and use the same compatible model and type of biometric device. This is a serious drawback, because commitment to utilization of a specific type and brand of biometric identity verification device requires a significant degree of collusion and common agreement between many individuals that intend to use the system.

In addition, the issue of compatibility and uniformity is particularly problematic for any large scale implementation of a system for verifying and securing information transfer. The requirement that all parties in a large organization involved in developing and, more importantly, using the system, cooperate and coordinate biometric device acquisition and uniform installation, to ensure that everyone involved is using the same biometric devices equipped with compatible biometric recognition software, is very burdensome and a significant barrier to implementation of such systems.

And, if a particular biometric device in such a system is later replaced with another biometric device using a biometric recognition template incompatible with the original biometric device, all of the devices in the system must be replaced to maintain compatibility therebetween, and all individuals using those devices must be re-enrolled with the new devices.

Similar issues exist with respect to use of biometrics to control access to content—all involved parties must use a biometric device that is compatible with the system providing biometric access control to the content, and similarly are limited to using the same type and model of biometric device, and only at the computers (or computer networks) where they previously enrolled.

In addition, if a previously known installed biometric security system is changed to a new one that uses a different infrastructure, or is significantly upgraded, while the previously used biometric devices are kept, then all of the users would need to repeat the time consuming and resource intensive re-enrollment process on each biometric device to generate a new biometric enrollment database compatible with the new biometric security system.

Moreover, there is a growing number of security applications and government rules and regulations which require the use of multiple authentication factors (i.e., by simultaneous or sequential utilization of multiple biometric identity verification systems by a user to authenticate the identity thereof) to perform certain secure tasks.

While the above-incorporated U.S. patent application Ser. No. 11/332,017 provided a solution to interoperable utilization of different types of biometric devices in the same group of users (for example, the users of a local or wide area network), it did not specifically address all of the issues involved in applying the disclosed techniques to the purpose of using biometrics to secure and authenticate transmission and receipt of information transferred between various parties.

Thus, none of the previously known biometric security approaches enable parties to verify and secure the transfer of information therebetween, utilizing any biometric identity verification system available to each party, without regard to the biometric identity verification system (or systems) utilized by the other party or parties, nor do any previously known biometric security systems enable users to each utilize one or more different biometric identity verification devices, individually or in conjunction with one another. Furthermore, none of the previously known biometric security systems provide the capability to easily add newly developed or released biometric identity verification devices thereto.

It would thus be desirable to provide a system and method for transferring secured information between parties, while enabling authentication of identities of at least one of the party sending the information, and the party, or parties, receiving and/or accessing the received information, with each party being able to utilize multiple different biometric identity verification systems of their choice, independently of the biometric identity verification systems used by the other party. It would additionally be desirable to provide the above-described system and method also having adaptive intelligent biometric identity verification system enrollment with the capability to easily add newly developed or released biometric identity verification devices thereto, transparently to the users thereof. It would further be desirable to provide a system and method for restricting access to content to one or more specific identified individuals, where each identified individual is able to utilize one or more biometric identity verification systems of their choice, independently of the access control system being used, and independently of the biometric identity verification systems being utilized by other identified individuals (if any). It would additionally be desirable to provide a system and method for tracking and biometrically verifying various data relating to previously conducted information transfer between parties, whether such transfer occurred through transmission of information therebetween, or by one party allowing access to secured content to one or more other, biometrically verified, parties.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings, wherein like reference characters denote corresponding or similar elements throughout the various figures:

FIG. 1A shows a block diagram of a first exemplary embodiment of the inventive secure information transfer management (SITM) system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 1B shows a block diagram of an alternate exemplary embodiment of the inventive SITM system of FIG. 1A;

FIG. 2 shows a block diagram of a second exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 3 shows a block diagram of a third exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 4 shows a block diagram of an exemplary embodiment of the inventive SITM system, that enables verifying and securing information transfer between parties, through platform-independent identity verification;

FIG. 5 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system of FIGS. 1A-3;

FIG. 6 shows a logic flow diagram of an exemplary embodiment of a process of implementing and utilizing the SITM system of FIG. 4;

FIG. 7 shows a logic flow diagram of an exemplary embodiment of a process of initial enrollment of a user prior to utilization of the SITM system of FIGS. 1A-3; and

FIG. 8 shows a logic flow diagram of an exemplary embodiment of a process of enrollment of an additional biometric identity verification system by a user of the SITM system of FIGS. 1A-3.

SUMMARY OF THE INVENTION

The inventive data processing system and method enable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable the sending and receiving parties to verify transmission and receipt of secured (e.g., encrypted) information, and/or to control access by one party to information secured by another party, regardless of the type, model, ownership, and/or quantity of biometric identity verification (BIV) systems being utilized by each party.

In one embodiment of the inventive system and method, parties desiring to securely transfer information between one another register at a central independent biometric security management (IBSM) system, and each provide a biometric enrollment for each biometric device (i.e., BIV system) that they wish to utilize, which are then stored by the IBSM system in their unique record. Advantageously, each such record is configured for storing multiple BIV system enrollments for each party, such that the parties can each use one or more different BIV systems in conjunction with the inventive system. Optionally, if there is a pre-existing biometric security system that comprises records with biometric enrollments for one or more users, as part of the registration process the IBSM system can readily import existing biometric enrollments for each user into their individual record. In this case, the user having such previously obtained biometric enrollment(s) for specific BIV devices would not need to repeat the enrollment procedure for those devices.

The inventive system and method also provide an adaptive enrollment feature which enables the system to function automatically and transparently with new BIV systems that have not been previously enrolled by the user, if such systems produce enrollments that are sufficiently similar to the ones already stored in the user's record.

In addition, during the initial user enrollment process, a predetermined security policy is applied to the user's record in the IBSM system. The security policy governs all key parameters of the user's utilization of the BIV systems to ensure compliance with the security rules and policies of the owner of the security infrastructure that utilizes the inventive system and method (which may range from a single user to an organization (e.g., a corporation, a government agency, etc.)). The security policy also includes an enrollment policy that determines the requirements which must be met by the user when adding new BIV systems in the future.

While the security policy is preferably predetermined before user enrollment, optionally, if permitted by the owner of the security infrastructure or another authorized party, or if the user is the owner or authorized party, the user may modify an existing security policy or, if no security policy is present, the user may define the security policy.

Thereafter, the inventive system also enables any registered party to send biometrically (and otherwise) secured information to the other party utilizing any available BIV system (or systems) that is compatible with one or more of their registered biometric enrollments stored in their IBSM system record, regardless of BIV system ownership, and without requiring local enrollment. Thus, registered users can advantageously utilize a compatible BIV system of any information transfer device capable of communication with the IBSM system.

In another embodiment of the inventive system and method, that may be readily utilized on its own, or in conjunction with the previously described embodiment, a party registered with the IBSM system that owns certain secured content is able to selectively designate identities of one or more registered parties that are authorized to access the secured content and/or a portion thereof, upon verification of their identity, and, optionally, provide one or more rules of varying complexity to the IBSM system governing such access.

Other objects and features of the present invention will become apparent from the following detailed description considered in conjunction with the accompanying drawings. It is to be understood, however, that the drawings are designed solely for purposes of illustration and not as a definition of the limits of the invention, for which reference should be made to the appended claims.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The system and method of the present invention remedy the disadvantages of previously known biometric solutions directed at verifying and securing information transfer between parties, by providing a platform-independent biometric security management system architecture that enables registered parties to securely transfer information therebetween, and verify the identities of the party enabling the transfer (e.g., by transmission of information, or by enabling secured access to stored information), and/or of the recipient party gaining access to the information (e.g., by receiving the information, and/or by accessing secured stored information), utilizing any biometric identity verification system available, regardless of the type, model, and/or ownership, as long as the utilized biometric system is compatible with one or more of their previously registered multiple biometric enrollments.

The inventive system and method achieve the above, and other objectives, by enabling prospective users to register with a centralized independent biometric security management (IBSM) system, and, during the registration process, in addition to providing identifying information (name, contact information, etc.), to also supply one or more biometric enrollments, utilizing one or more biometric identity verification systems (i.e., BIV systems) available to them. Any registered user is also able to add additional biometric enrollments, from any other BIV system, at a later time to expand their ability to utilize the inventive system utilizing many different BIV systems.

The novel IBSM system stores the above information in unique records, each assigned to an individual registered user, and further enables additional information to be stored in the records. Advantageously, each such record is configured for storing multiple BIV system enrollments for each user, such that each user can utilize one or more different BIV systems in conjunction with the inventive system. This feature of the present invention is particularly important for the growing number of security applications which require multiple authentication factors (i.e., by simultaneous or sequential utilization of multiple BIV systems to authenticate identity) to perform certain secure tasks.

In addition, as described in greater detail below in connection with FIG. 7, during the initial user enrollment process, a predetermined security policy is applied to the user's record in the IBSM system. The security policy governs all key parameters of the user's utilization of the BIV systems to ensure compliance with the security rules and policies of the owner of the security infrastructure that utilizes the inventive system and method (which may range from a single user to an organization (e.g., a corporation, a government agency, etc.)). The security policy also includes an enrollment policy, as discussed in greater detail below in connection with FIG. 8, that determines the requirements which must be met by the user when adding new BIV systems in the future.
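As an added illustration (not part of the patent text, and not any vendor's implementation), the following Python models the IBSM record behaviour described above: one record holding several BIV enrollments, a security policy carrying an enrollment policy, threshold-based template matching as described in the Background, and adaptive enrollment of a never-enrolled BIV model as described in the Summary. The template representation, the similarity measure, the threshold values, the constructed sample templates and all class, field and function names are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field


def similarity(a: list[float], b: list[float]) -> float:
    """Similarity in [0, 1] of two templates (assumed measure: 1 minus the mean
    absolute difference of feature values lying in [0, 1]); 1.0 is identical."""
    if len(a) != len(b) or not a:
        return 0.0
    return max(0.0, 1.0 - sum(abs(x - y) for x, y in zip(a, b)) / len(a))


@dataclass
class Enrollment:
    biv_type: str          # kind of biometric, e.g. "fingerprint" or "iris"
    biv_model: str         # device make/model the template was created on
    template: list[float]  # stored recognition template; the raw sample is not kept


@dataclass
class SecurityPolicy:
    """SECURITY_Policy applied to a user's record (field names are assumptions)."""
    recognition_threshold: float   # minimum similarity for a successful match
    required_factors: int          # distinct BIV types needed for a secure task
    enrollment_threshold: float    # ENROLL_Policy: similarity a never-enrolled model's
                                   # template must reach against a same-type enrollment
    allowed_types: frozenset[str]  # ENROLL_Policy: BIV types the user may add


@dataclass
class UserRecord:
    """One IBSM record holding multiple BIV enrollments for a single user."""
    user_id: str
    policy: SecurityPolicy
    enrollments: list[Enrollment] = field(default_factory=list)

    def enroll(self, e: Enrollment) -> bool:
        """Explicit enrollment of a BIV system; refused if the policy forbids the type."""
        if e.biv_type not in self.policy.allowed_types:
            return False
        self.enrollments.append(e)
        return True

    def _find(self, biv_type: str, biv_model: str) -> Enrollment | None:
        return next((e for e in self.enrollments
                     if e.biv_type == biv_type and e.biv_model == biv_model), None)

    def verify(self, biv_type: str, biv_model: str, presented: list[float]) -> bool:
        """Match a presented template against the enrollment for this exact model."""
        e = self._find(biv_type, biv_model)
        return e is not None and similarity(e.template, presented) >= self.policy.recognition_threshold

    def adaptive_enroll(self, biv_type: str, biv_model: str, presented: list[float]) -> bool:
        """Adaptive enrollment: accept a BIV model the user never enrolled on only when
        its template is sufficiently similar to an existing enrollment of the same type."""
        if self._find(biv_type, biv_model) is not None or biv_type not in self.policy.allowed_types:
            return False
        best = max((similarity(e.template, presented)
                    for e in self.enrollments if e.biv_type == biv_type), default=0.0)
        if best < self.policy.enrollment_threshold:
            return False
        self.enrollments.append(Enrollment(biv_type, biv_model, list(presented)))
        return True

    def authenticate(self, presentations: list[tuple[str, str, list[float]]]) -> bool:
        """Multi-factor check: distinct BIV types that verify (after adaptive
        enrollment of unknown models) must meet the policy's required_factors."""
        verified_types: set[str] = set()
        for biv_type, biv_model, presented in presentations:
            if self._find(biv_type, biv_model) is None:
                self.adaptive_enroll(biv_type, biv_model, presented)
            if self.verify(biv_type, biv_model, presented):
                verified_types.add(biv_type)
        return len(verified_types) >= self.policy.required_factors


def demo() -> dict[str, bool]:
    """Constructed walk-through of one user's record; returns each step's outcome."""
    policy = SecurityPolicy(recognition_threshold=0.9, required_factors=2,
                            enrollment_threshold=0.85,
                            allowed_types=frozenset({"fingerprint", "iris"}))
    alice = UserRecord("alice", policy)
    fp_a = [0.2, 0.4, 0.6, 0.8]    # constructed template from fingerprint model FP-A
    iris_x = [0.9, 0.1, 0.5, 0.3]  # constructed template from iris scanner IRIS-X
    alice.enroll(Enrollment("fingerprint", "FP-A", fp_a))
    alice.enroll(Enrollment("iris", "IRIS-X", iris_x))
    fp_a_again = [0.22, 0.41, 0.58, 0.8]  # same finger, same device, slight noise
    fp_b = [0.25, 0.45, 0.6, 0.75]        # same finger on a never-enrolled model FP-B
    impostor = [0.9, 0.9, 0.1, 0.1]       # a different person's finger on FP-A
    return {
        "same_device_match": alice.verify("fingerprint", "FP-A", fp_a_again),
        "impostor_rejected": not alice.verify("fingerprint", "FP-A", impostor),
        "unknown_model_before": alice.verify("fingerprint", "FP-B", fp_b),
        "adaptively_enrolled": alice.adaptive_enroll("fingerprint", "FP-B", fp_b),
        "unknown_model_after": alice.verify("fingerprint", "FP-B", fp_b),
        "one_factor_passes": alice.authenticate([("fingerprint", "FP-A", fp_a_again)]),
        "two_factors_pass": alice.authenticate([("fingerprint", "FP-A", fp_a_again),
                                                ("iris", "IRIS-X", iris_x)]),
        "disallowed_type_refused": not alice.enroll(Enrollment("face", "FACE-1", [0.5] * 4)),
    }
```

The enrollment threshold is what keeps adaptive enrollment from becoming a silent second path into the record: a presented template from an unknown device is only accepted when it already resembles an enrollment of the same biometric type, and the policy's allowed types and required factor count are enforced regardless of which device is used.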

While the inventive system and method are described below in connection with certain drawing figures in exemplary embodiments, as being advantageously configured for use with transfer of electronic information over a communication network (e.g., the Internet or other telecommunications network), it should be understood to one skilled in the art that the inventive system and method may be readily and advantageously utilized for enabling secured information transfer of any type (audio (e.g., voice), video, sensor information, machine-readable data, etc.), without departing from the spirit of the invention, as a matter of necessity or design choice.

Similarly, while the descriptions of various embodiments of the inventive system and method interchangeably refer to various data processing systems used in conjunction therewith as “computers”, it should be noted that any system with similar capabilities, necessary for performing the tasks required by the inventive system and method, may readily be used as a matter of necessity or design choice, without departing from the spirit of the invention. For example, it is specifically contemplated that a wireless telephone (such as a cellular telephone) with sufficient data processing capabilities may be readily utilized in accordance with the present invention.

Before describing the various embodiments of the inventive system and method, and the components, infrastructure, and operation in greater detail, it would be helpful to provide the definitions of certain terms used in the drawing figures, and in the accompanying descriptions. Table 1 below contains a summary of definitions of commonly used terms within the context of the description of the various embodiments of the present invention.

Because the terminology that may be currently utilized to describe the various embodiments of the novel system (and its functionality) evolves and changes rapidly, for the purposes of clarity, and without departing from the spirit of the invention, the various elements, components, infrastructures, and process steps of the inventive system and method are described in Table 1, and further below, in terms of their required or desired functionality, and/or in terms of objectives they are intended to accomplish, in accordance with the present invention, rather than as specific structural and/or process implementations, which may change in nomenclature with advances in information systems technology.

For example, as computers of various types are well known in the art, it is presumed that any computer used in conjunction with the present invention will include the typical components necessary for its operation, e.g., one or more CPUs, memory, long term data storage, and, in cases of computers typically utilized by users, one or more input devices, a display, and so on. In addition, because a number of abbreviated terms are used for the sake of convenience in FIGS. 1A to 6, and further below, Table 1 also provides the definitions of all abbreviated terms used herein.

TABLE 1 (Definitions/Terminology)

1. USER/USERS: A user, for the purposes of the present invention, is defined as: (1) any party that desires to securely and/or verifiably transfer information to another party (or parties), whether by transmission thereto, or by granting (to the other party or parties) secured access to content that includes information, and/or (2) any party that desires to receive secured and/or verified information from another party (or parties), whether by transmission therefrom, or by accessing secured content, as permitted by the other party (or parties). Thus, in accordance with the present invention, users may range from private individuals, to members of groups of any type and with any amount of hierarchical levels and subgroups, and that may readily overlap with other groups (e.g., groups of friends, family members, employees of a corporation, government employees and/or officials of varying ranks in one or more agencies, students of a particular university, etc.).

2. InfoTr System: Information transfer system. For the purposes of the present invention, an information transfer (InfoTr) system is defined as any system having at least some of the following characteristics: (1) capability for transmitting information to at least one other InfoTr system; (2) capability for receiving information from at least one other InfoTr system; (3) capability for storing data and applications for issuing instructions, and, in response to issued instructions, performing tasks involving data stored therein or provided thereto, sufficient to enable functionality necessary for operation of the novel system and method as described below in connection with FIGS. 1A to 6; (4) capability for displaying information relevant to its operation and the performed tasks; (5) capability for communicating with the IBSM system (see definition below); and (6) capability for receiving instructions from an operator. In accordance with the present invention, the term “InfoTr system” can also refer to a collection of two or more interconnected InfoTr systems (e.g., a local area network) having the above capabilities individually, and/or jointly. The InfoTr system preferably includes an operating environment, and one or more instruction sets (e.g., program applications), that provide it with the ability to execute functions relating to sending and/or receiving information. By way of example, for an InfoTr system implemented as a personal computer, the operating environment may be an appropriate operating system, while an exemplary information transfer instruction set may be an electronic mail program. By way of example, computers ranging from pocket-sized personal digital assistants (PDAs), and smart telephones, to personal desktop or notebook computers, to high power servers and server networks, are the most common exemplary implementations of InfoTr systems, and, in most cases, readily possess all the capabilities necessary for operation as components of various embodiments of the inventive system and method. Accordingly, the InfoTr systems shown in various embodiments of the present invention are preferably computers or advanced communication devices with appropriate similar functionality (e.g., wireless/cellular/satellite telephone, military communicator, radio transmitter, etc.), with the specific type, capabilities, and configuration thereof being determined as a matter of necessity and/or design choice. However, it should be noted that any system, even if falling outside the conventional definition of a “computer” or communication device, may be utilized as an InfoTr system in accordance with the present invention, without departing from the spirit of the invention, as long as such a system possesses the necessary capabilities selected from (1) to (6) above.

3. BIVS: Biometric identity verification system (see FIG. 1A and accompanying description).

4. BIVD: Biometric identity verification device (see FIG. 1B and accompanying description).

5. BIVA: Biometric identity verification application (see FIG. 1B and accompanying description).

6. EDA: Encryption/decryption application. For the purposes of the present invention, an EDA is a set of instructions, for example embodied in a program application executable by an InfoTr system, and/or by the IBSM system, or as a module to another application (e.g., the application responsible for transmission of information), capable of encrypting and/or decrypting electronic information in any form. Advantageously, any type of EDA, whether currently available, or developed in the future, may be readily used in conjunction with the inventive system and method without departing from the spirit of the invention. In one embodiment of the inventive system and method, during encryption of information to be transmitted, the EDA utilizes at least a portion of the UBIV_Element (see definition below) of the user of the InfoTr system sending the transmission.

7. SECURITY_Policy: The security policy governs all key parameters of utilization of the BIV systems by authorized users to ensure compliance with the security rules and policies of the owner of the security infrastructure that utilizes the inventive system and method. The security policy may also include an enrollment policy.

8. ENROLL_Policy: The enrollment policy determines the requirements which must be met by the user when adding enrollments for new BIV systems to the USER_Record in the future.

9. Information/Data/Content: As defined herein, information, data, or content may be of any type and in any number of formats that can be, in whole or in part, transmitted, interacted with (e.g., viewed, modified, reviewed, etc.), generated, acquired, analyzed, deleted, reviewed, and/or otherwise processed by an InfoTr system. For example, information may include, but is not limited to, one or more of the following: text, images, audio, video, transactional information, instrument or sensor readings (e.g., medical, scientific, military), links to other data, executable programs and supporting files, etc. Additionally, data may be static, interactive, or a combination of both. While it may be used interchangeably with “information” or “data”, the term “content” preferably represents certain desirable information that is of interest to one or more parties, access to which is controlled by one or more parties.

10. SIT: Secured information transmission (see FIG. 1A and accompanying description).

11. IBSM System: Independent biometric security management system (see FIG. 1A and accompanying description).

12. SITM System: Secure information transfer management system: the system of the present invention, at a minimum including two InfoTr systems, each accessed by a user, and each capable of communication with an inventive IBSM system, and optionally of communication between one another, that, in at least one inventive embodiment, can be utilized by users to securely transfer information between one another, and to verify the identity of the transmitting user, as well as to verify the identity of the user receiving and accessing the information.

13. Communication Link: As defined herein, a communication link is preferably any form of a communication connection between the various components of the inventive SITM system (e.g., InfoTr systems, the IBSM system, etc.), that enables data transmission of the appropriate types of information therebetween. Thus, each communication link may include, but is not limited to, one or more of the following, in any combination: direct telecommunication line(s), wireless link(s) (e.g., satellite uplink, radio, cellular, wi-fi, etc.), and communication network(s) (such as a LAN (local area network), a WAN (wide area network), or the Internet).
14 USER_RecordRecord stored in IBSM System representative of the user's UBIV_Elementand additional information. (See FIG. 1A and accompanying description)15 UBIV_Element User biometric identity verification element. (See FIG.1A and accompanying description) 16 SIT_Profile Secured informationtransfer profile. (See FIG. 1A and accompanying description) 17 SIT_LogSecured information transfer log (See FIG. 1A and accompanyingdescription) 18 SCA_Profile Secured content access profile (See FIG. 4and accompanying description) 19 CA_Record Content access record (SeeFIG. 4 and accompanying description) 20 Recipient_INFO Informationidentifying the specific user (or users) as intended recipient(s) of SITbeing sent by a user. (See FIG. 5 and accompanying description) 21Sender_BIVE Sender biometric identity verification element (See FIG. 5and accompanying description) 22 Recipient_BIVE Recipient biometricidentity verification element (See FIG. 5 and accompanying description)23 UBIVE_Threshold User Biometric Identity Verification ElementThreshold (see FIG. 8 and accompanying description).

It should be noted that the specific numbers of users, and corresponding InfoTr systems, shown in the various FIGS. 1A to 4 are provided by way of example only. Because the inventive secure information transfer management (SITM) system is completely scalable, it may be used in configurations ranging from as few as two users, to as many as practically possible, as a matter of design choice or convenience, without departing from the spirit of the invention.

Referring now to FIG. 1A, a first exemplary embodiment of the inventive SITM system 10 is shown. The SITM system 10 enables secure and verifiable transfer of information between at least two users 20 and 30 (see Table 1, definition #1). Each of the users 20, 30 preferably operates a corresponding information transfer (InfoTr) system 22, 32 (for example a computer or mobile communication device), capable of transmitting information to other InfoTr systems of the same, or of different type and/or configuration. Thus, for example, each of the InfoTr systems 22 and 32 may be of a different type: InfoTr system 22 may be a personal computer, while InfoTr system 32 may be a smart mobile communication device.

Each of the InfoTr systems 22, 32 preferably includes a corresponding encryption/decryption application (EDA) 24, 34, respectively (see Table 1, definition #6), for enabling each of the users 20, 30 to secure and verify information transferred therebetween (for example by encrypting it for transmission and then decrypting it when received and accessed, upon recipient identity verification).

Each of the InfoTr systems 22, 32 includes, or has ready access to, a corresponding biometric identity verification system (BIVS) 26, 36. As discussed in greater detail above, in connection with the background of the present invention, a BIVS utilizes one or more unique personal characteristics of a user registered therewith, to verify their identity. As discussed in greater detail below in connection with FIG. 1B, a BIVS typically includes a biometric identity verification device (BIVD) for acquiring biometric information from a user, and a corresponding biometric identity verification application (BIVA) for controlling the operation of the BIVD, and for enabling the acquired biometric characteristics to be used for identity verification.

In accordance with the present invention, each of the BIVS 26, 36 may be any type of BIVS whatsoever. Advantageously, the BIVS 26, 36 do not need to be compatible with one another. Thus, the BIVS 26 may be a fingerprint scanner, while the BIVS 36 may be a facial recognition system. It should be noted that in accordance with the present invention, the term BIVS may also refer to multiple BIVDs connected to the same InfoTr system, that can provide multiple authentication factors for certain predetermined security applications.

Preferably, each BIVS 26, 36 is capable of "enrolling" (i.e., registering) one or more users (e.g. users 20, 30), and generating a corresponding user biometric identity verification element (UBIV_Element), representative of the biometric information acquired by the BIVD and processed for use in future user identity verification (e.g., by creating a recognition template, or otherwise). In previously known biometric security systems, a user's UBIV_Element is typically stored in one or more of the BIVS, the InfoTr system connected thereto, or, in client-server configurations, on a separate central InfoTr system.

The SITM system 10 also includes an independent biometric security management (IBSM) system 60, which is the key component of the present invention. The IBSM system 60 is preferably a data processing system (such as one or more computers (e.g. a server, or network of servers)), capable of communicating and interacting with as many different InfoTr and BIVS types, models and configurations as is practicable or, at a minimum, as many as is required by the desired SITM system 10 configuration, capacity, and intended use.

The SITM system 10 also includes a communication link 40, for enabling communication between the InfoTr system 22 and the InfoTr system 32, a communication link 42 for enabling communication between the InfoTr system 22 and the IBSM system 60, and a communication link 44 for enabling communication between the InfoTr system 32 and the IBSM system 60 (see Table 1, definition #11). One or more of the communication links 40, 42, 44 may be different from one another, or they may all be the same. For example, the communication link 40 may be a wireless voice telecommunication link, while communication link 42 is a broadband land telecommunication line and the communication link 44 is a wireless data communication link. Or, all of the communication links 40, 42, 44 may be the Internet.

Prior to utilization of the inventive SITM system 10, each user desiring to take advantage of the advantageous SITM system 10 functionality (e.g. each of the users 20, 30), performs a registration or enrollment process, for example such as the exemplary initial user enrollment process 600 described below in connection with FIG. 7. Regardless of the specific initial enrollment process used, such a process, at a minimum, involves the following steps:

-   (1) providing certain predetermined personal identifying information (e.g. name, address, etc.);
-   (2) verification of that information (by third party confirmation, in case of certain types of users (corporate or government employees, etc.), or by other well known reliable identity verification approaches);
-   (3) storing, in the IBSM system 60, the provided information (and optionally the source of verification) as USER_Data 64 c in a corresponding record (USER_Record 62) for each user. Optionally, if the user is already biometrically registered at their InfoTr system through the corresponding BIVS (e.g., if the user 20 previously used BIVS 26 to enroll on their InfoTr system 22), and the IBSM system 60 is appropriately configured by an authorized administrator, it may accept identity verification based on previous local InfoTr system biometric registration; and
-   (4) utilization of their respective BIVS (e.g. BIVS 26 for user 20, and BIVS 36 for user 30) to generate one or more corresponding UBIV_Element(s) and transmit it, via respective communication links (e.g. link 42 for user 20, and link 46 for user 30), to a UBIV_Record 64, configured for storage and utilization of multiple concurrent UBIV_Elements, that is part of the corresponding USER_Record 62 stored in the IBSM system 60. Optionally, if there is a pre-existing biometric security system (not shown) that comprises records with biometric enrollments for one or more users, and that can communicate with the SITM system 10, as part of the registration process, the IBSM system 60 can readily import existing biometric enrollments for each user into the UBIV_Record in their individual USER_Record. In this case, the user having such previously obtained biometric enrollment(s) for specific BIVS(s) would not need to repeat the enrollment procedure for those systems/devices.

Thus, for each user 20, 30, the IBSM system 60 stores the individual unique USER_Record 62, that includes that user's verified identifying information USER_Data 64 c, as well as at least one of their corresponding UBIV_Element(s) 64 a-64 b in the UBIV_Record 64. The USER_Record 62 also preferably includes a SECURITY_Policy 64 d (defined in Table 1 above), which also includes an ENROLL_Policy 64 e (defined in Table 1 above), as well as one or more security protocol(s) 64 f that define the specific security rules and parameters thereof.

By way of example, the SECURITY_Policy 64 d may include security protocols 64(f) that define the rules for sending secured information to other registered users (such as a selectable list of potential recipients, the need for receipt and/or viewing verification, etc.), as well as define one or more additional rules of varying complexity, governing the recipient's access to the transmitted secured information. For example, a sending user 20 can specify a rule that a particular transmission of information (e.g., an electronic mail message with attachment) may only be opened by the intended recipient, user 30, if that recipient successfully passes identity verification from a BIVS 36 that includes two (or more) different biometric identity verification devices (e.g., a fingerprint scanner and a facial scanner), or that two separate recipients (user 30 and user 50) must both verify their identity with the IBSM system 60, in order to access the content of the transmission.

As discussed below in connection with FIGS. 2 and 8, any user can generate additional UBIV_Elements for their USER_Record, utilizing BIVS of different types, models, and/or configurations, such that their UBIV_Record in the USER_Record stores multiple UBIV_Elements for a variety of BIVSs. This is a crucial advantageous feature of the present invention, because any user registered with the IBSM system 60 is able to verify their identity through any BIVS, even one which they never used, or one that is part of another user's InfoTr system, if it is capable of utilizing any of the UBIV_Elements stored in the USER_Record. This advantageous feature of the present invention is described in greater detail below in connection with FIG. 8.

The above-described novel feature enables the IBSM system 60 to be truly "platform-independent" with respect to compatibility with various InfoTr and BIVS types, models, and configurations. For example, a user 50, previously registered with the IBSM system 60, and having a UBIV_Element compatible with the BIVS 36 stored in their USER_Record, is able to utilize the InfoTr System 32 and the BIVS 36 of the user 30, to verifiably exchange secured information with other registered users, for example, with another user 46, that may have access to the InfoTr system 22.

Thus, preferably, the IBSM system 60 may be scaled to any necessary capacity, and provided with all necessary components (hardware and/or software), to enable it to readily communicate, and interact with, the various InfoTr systems, BIVS, and other components of the inventive SITM system (as illustrated, by way of example, for SITM systems 10 of FIG. 1A, 70 of FIG. 1B, 100 of FIG. 2, 200 of FIG. 3, and 300 of FIG. 4).

It should also be noted that the "Independent Biometric Security Server" disclosed in the above-incorporated U.S. patent application Ser. No. 11/332,017 may be readily and advantageously configured for use as an IBSM system 60. Optionally, any other data processing system capable of similar or equivalent biometric platform-independent functionality to the "Independent Biometric Security Server" may be readily utilized as the IBSM system 60, as a matter of design choice, without departing from the spirit of the invention.

Additionally, as long as the above-described minimum IBSM system 60 registration steps are followed, any user can readily utilize another user's InfoTr system and BIVS to register, as long as independent verification of the user's identity is available to finalize registration.

In accordance with the present invention, the users 20, 30 utilize the IBSM system 60 during transfer of a secured information transmission (SIT) 52, between InfoTr systems 22 and 32, over the communication link 40, to verify the identity of the sending user (e.g., user 20), as well as the identity of the user receiving and accessing the SIT 52 (e.g., user 30). In addition, the IBSM system 60 may be advantageously utilized as part of the SIT 52 generation process (e.g. when the information to be transferred is encrypted or otherwise secured) by the EDA 24, and then accessed (e.g., decrypted) by the EDA 34.

In an alternate embodiment of the invention, in addition to, or instead of, one or both of the EDA 24, 34, the IBSM system 60 may include an optional EDA 66, that performs all, or some, of the tasks necessary for generating and accessing the SIT 52. Additionally, rather than being transferred through the communication link 40, in yet another alternate embodiment of the invention, the SIT 52 may be readily transmitted between InfoTr systems 22 and 32 through the IBSM system 60 via the communication links 42, 44.

In summary, in one of its simplest implementations, the inventive SITM system 10 operates as follows: the user 20, desiring to transmit certain information to the user 30, indicates, to the IBSM system 60, themselves as the sender, and the user 30 as the intended recipient. The user 20 then provides biometric information to the IBSM system 60 through their BIVS 26, which is processed and compared to a compatible UBIV_Element stored in their USER_Record, to verify the identity of the user 20. The information to be transferred is then encrypted to generate the SIT 52 (optionally utilizing at least a portion of one or both of the UBIV_Element of the sending user 20, and the UBIV_Element of the receiving user 30). The SIT 52 is then transmitted to the user 30, and upon receipt by the InfoTr system 32, to access the information in the SIT 52, the user 30 must verify their identity to the IBSM system 60, by providing biometric information thereto through the BIVS 36, that, when processed, is successfully matched to a compatible UBIV_Element stored in the USER_Record of the user 30 (optionally in accordance with predetermined biometric recognition criteria (e.g., threshold, etc.), that may have been present in the IBSM system 60, or that may have been specified by the sending user 20 to the IBSM system 60, for the SIT 52, or for all of user 20 data transfers).

When the identity of the user 30 is verified as the intended recipient, the IBSM system 60 enables the EDA 34 to decrypt the SIT 52, thus allowing the user 30 to access the transferred information, while optionally recording the access event, and optionally notifying user 20 of the verification of the access by the designated recipient (user 30). An exemplary detailed embodiment of a process for the operation of the SITM system 10 for secured and verified information transmission is shown in FIG. 5, and described in detail below in connection therewith.

In accordance with the present invention, the organization that owns or is subscribed to the SITM system 10, or, optionally, the sending user, may be given the ability to have significant control over the manner in which their transferred secured information is accessed by the recipient, through modification of the SECURITY_Policy 64 d, for example, by defining, in the security protocol(s) 64 f, one or more criteria (e.g., in the form of rules) that must be met for the recipient user to gain access to the information. For example, the SECURITY_Policy 64 d can specify that in order to access information in SIT 52, both the user 30, and another user 48, must verify their identities to the IBSM system 60 (e.g., both through the BIVS 36, or with each user utilizing their own BIVS). Alternately, the SECURITY_Policy 64 d can specify that the user 30 must utilize two separate BIVS of different types, or utilize their BIVS 36 in conjunction with another form of security, such as a password or a PIN code. Optionally, the SECURITY_Policy 64 d can set the user 20 SIT 52 to expire, or otherwise be erased, if the user 30 does not access it during a specified period of time.

Additionally, the SECURITY_Policy 64 d can specify the amount and detail level of information, about the events relating to the secured data, to be tracked and/or recorded by the IBSM system 60. For example, the SECURITY_Policy 64 d can require notification of delivery of SIT 52, notification of user 30 acknowledging receipt of SIT 52, and notification when user 30 accesses the information therein (as well as notification of any failed attempts to access the information).

Alternately, rather than defining all such parameters as part of a SECURITY_Policy 64 d, these parameters may be defined by the user as "user preferences". Optionally, each user's preferences relating to transfer of secured information, and for tracking events related thereto, as well as event tracking information, can be stored in their USER_Record, for example as a secured information transmission profile (SIT_Profile) (shown as optional SIT_Profile 64 g in FIG. 1A) for storing information relating to the user's preferences relating to transfer of secured information, and/or as a secured information transmission log (SIT_Log) (shown as optional SIT_Log 64 h in FIG. 1A), for storing information indicative of the user's preferences relating to tracking events related to secured information transfers. Optionally, both SIT_Profile and SIT_Log may be presented in a unified format.

Advantageously, from the point of view of a user, the interface for necessary interaction with the various components of the SITM system 10, and especially with the IBSM system 60, may be implemented as a separate program application, or function, of a user's InfoTr system, or as a communication portal accessible by the user's InfoTr system (for example, a secure website). Optionally, the SITM system 10, and its components, may be implemented transparently in the background, for example, as components, modules or "plug-ins" for existing applications/functions of the user's InfoTr system, such that a user can continue to utilize their preferred information transfer applications/functionality, while gaining the full benefit of the SITM system 10. In any implementation of the novel SITM system, the registered users may gain access to IBSM system functionality through an appropriate identity verification or "login" procedure, that may optionally be integrated into the process of initiating secure information transmission or information access.

In addition, while a less secure implementation than described above, in an alternate embodiment of the SITM system 10, each InfoTr system can perform user identity verification locally, and, rather than transmitting newly acquired UBIV_Elements to the IBSM system 60 for centralized identity verification, each InfoTr system can simply indicate the status of the local verification to the IBSM system 60.

Referring now to FIG. 5, an exemplary embodiment of a process 400 for secured transmission of information utilizing the inventive SITM system (for example, the SITM system 10 of FIG. 1A) is shown. As noted above, as a matter of design choice, the various steps of this process may be executed by different components of the various embodiments of the inventive SITM system shown in FIGS. 1A to 3.

The process 400 begins at a step 402, where a sending user (hereinafter "Sender"), registered with the IBSM system component of the inventive SITM system, decides to transmit secured information to one or more other registered users of the SITM system (hereinafter "Recipient"). At a step 404, the Sender generates Recipient_INFO, to identify the Recipient selected at step 402, and that may optionally include one or more rules, for example, from a Sender SECURITY_Policy or the Sender's SIT_Profile, relating to requirements that must be met by the Recipient to gain access to the secured information, but at a minimum requiring biometric verification of the Recipient's identity.

At a step 406, the Recipient_INFO is transmitted to the IBSM system (or simply passed to the appropriate component thereof, if step 404 was being performed at the IBSM system), optionally along with a Sender_BIVE (Sender biometric identity verification element, representative of biometric information provided by the Sender), that enables the IBSM system to verify the identity of the Sender, both for internal security purposes, and optionally for provision of that verified information to the Recipient. At a step 408, the process 400 verifies the Sender_BIVE (and optionally updates the Sender SIT_Log, if any), at a step 410, generates a SIT (e.g., by encrypting information to be transmitted), and at a step 412, transmits the SIT to the Recipient.

At a step 414, upon receipt of the SIT, the process 400 requests the Recipient to verify their identity, in accordance with the requirements set forth by the Sender in Recipient_INFO (e.g., by presenting their BIVS with biometric information to enable it to generate a corresponding Recipient_BIVE (Recipient biometric identity verification element), representative of biometric information provided by the Recipient). The Recipient_BIVE is then transmitted, at a step 416, to the IBSM system, and verified against the Recipient's UBIV_Element (in addition to any other verifications that may have been required by the Recipient_INFO) stored in the Recipient's USER_Record. Assuming the verification criteria in the Recipient_INFO have been met, at a step 418, the SIT is decrypted and the Recipient is given access to the information therein. At an optional step 420, the process 400 verifies to the Sender that the Recipient has received and accessed the SIT, and optionally updates the Sender's SIT_Log and/or the Recipient's SIT_Log with the results of one or more of the previously performed steps.
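The SIT flow of process 400, together with the SECURITY_Policy rules discussed above for FIG. 1A (two distinct BIVS types, two co-recipients who must both verify, expiry of an unopened SIT), modelled as an added illustration; this is not the patent's code. It assumes a toy matcher (fraction of agreeing template features against a UBIVE_Threshold of 0.8) in place of a vendor BIVA, and a SHA-256 keystream XOR as a stand-in for the EDA; the security-relevant point it shows is that the IBSM keeps the SIT key in escrow and releases it only once Recipient_INFO is fully satisfied, logging failed verifications to the SIT_Log.

```python
import hashlib
import os
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Assumed UBIVE_Threshold: fraction of template features that must agree.
UBIVE_THRESHOLD = 0.8


def match_score(template: tuple, sample: tuple) -> float:
    """Stand-in for a vendor BIVA matcher: fraction of feature positions that agree."""
    if len(template) != len(sample) or not template:
        return 0.0
    return sum(a == b for a, b in zip(template, sample)) / len(template)


def toy_eda(key: bytes, data: bytes) -> bytes:
    """Placeholder for the EDA: XOR with a SHA-256 keystream (same call encrypts
    and decrypts). Illustrative only, not a real cipher."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        keystream = hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(c ^ k for c, k in zip(chunk, keystream))
    return bytes(out)


@dataclass
class UserRecord:
    """USER_Record: verified USER_Data plus a UBIV_Record with one UBIV_Element
    per BIVS type the user has enrolled with, and the user's SIT_Log."""
    user_data: dict
    ubiv_record: Dict[str, tuple] = field(default_factory=dict)
    sit_log: List[tuple] = field(default_factory=list)


@dataclass
class RecipientInfo:
    """Recipient_INFO: who may open the SIT and what each must prove."""
    recipients: Set[str]
    min_bivs_types: int = 1              # distinct BIVS types each recipient must pass
    expires_at: Optional[float] = None   # SIT is locked after this epoch time


class IBSM:
    """Toy independent biometric security management system."""

    def __init__(self) -> None:
        self.users: Dict[str, UserRecord] = {}
        # sit_id -> (escrowed key, Recipient_INFO, recipients verified so far)
        self.escrow: Dict[str, Tuple[bytes, RecipientInfo, Set[str]]] = {}

    def register(self, uid: str, user_data: dict, bivs_type: str, ubiv_element: tuple) -> None:
        """Enrollment: add a UBIV_Element for one BIVS type to the UBIV_Record."""
        rec = self.users.setdefault(uid, UserRecord(user_data))
        rec.ubiv_record[bivs_type] = ubiv_element

    def verify(self, uid: str, bivs_type: str, sample: tuple) -> bool:
        """Match a fresh BIVS sample against the compatible stored UBIV_Element."""
        rec = self.users.get(uid)
        template = rec.ubiv_record.get(bivs_type) if rec else None
        ok = template is not None and match_score(template, sample) >= UBIVE_THRESHOLD
        if rec is not None:
            rec.sit_log.append(("verify", bivs_type, ok))  # failures are logged too
        return ok

    def generate_sit(self, sender: str, sender_bivs: str, sender_sample: tuple,
                     plaintext: bytes, info: RecipientInfo) -> Tuple[str, bytes]:
        """Steps 406-410: verify the Sender_BIVE, then encrypt and escrow the key."""
        if not self.verify(sender, sender_bivs, sender_sample):
            raise PermissionError("Sender identity not verified")
        key = os.urandom(32)
        sit_id = os.urandom(8).hex()
        self.escrow[sit_id] = (key, info, set())
        return sit_id, toy_eda(key, plaintext)

    def access_sit(self, sit_id: str, uid: str, samples: Dict[str, tuple]) -> Optional[bytes]:
        """Steps 414-418: release the SIT key only when Recipient_INFO is satisfied.
        samples maps BIVS type -> Recipient_BIVE sample captured by that BIVS."""
        key, info, verified = self.escrow[sit_id]
        if info.expires_at is not None and time.time() > info.expires_at:
            return None                   # SIT expired unopened
        if uid not in info.recipients:
            return None                   # not an intended recipient
        passed = [t for t, s in samples.items() if self.verify(uid, t, s)]
        if len(passed) < info.min_bivs_types:
            return None                   # e.g. fingerprint alone when two factors required
        verified.add(uid)
        if verified != info.recipients:
            return None                   # co-recipients still outstanding
        return key                        # the EDA now decrypts with this key
```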

Referring now to FIG. 1B, an alternate embodiment of the inventive SITM system is shown as a SITM system 70. The SITM system 70 operates substantially similarly to the SITM system 10 of FIG. 1A, with the various components thereof having like reference characters, except that the functionality of the BIVS 26 and 36 is implemented in a different manner. Rather than each InfoTr system 22, 32 having access to a full featured BIVS, they each include one or more respective biometric identity verification devices (BIVD(s)) 72, 74 only, each with sufficient application functionality to enable it to acquire appropriate biometric information, and provide it, preferably in encrypted form, to the IBSM system 60. Each BIVD(s) 72, 74 serves as the physical device responsible for acquiring one or more specific biometric characteristics of the user. Examples of a BIVD include, but are not limited to: a fingerprint scanner, palm scanner, vein scanner, facial recognition scanner, iris scanner, retinal scanner, signature acquisition device, voice acquisition device, etc.

The IBSM system 60, as implemented in the SITM system 70, is supplied with a centralized biometric identity verification application (BIVA) 76 that performs all functions necessary to generate UBIV_Elements from information received from BIVD(s) 72, 74, and appropriate functionality to perform necessary biometric identity verification, and any other required security measures. Other than as is noted above, the SITM system 70 operates in a manner similar to the SITM system 10 of FIG. 1A.

Referring now to FIGS. 2 and 3, exemplary embodiments of the novel SITM system are shown, having more complex implementations than that shown in FIG. 1A, but operating on the same novel principles. Referring first to FIG. 2, a SITM system 100 is shown, that includes all of the components of the SITM system 10 shown in FIG. 1A and described in connection therewith, but that also includes an additional BIVS 102 provided to the InfoTr system 32, and optionally yet another standalone separate BIVS 104 (each including a single BIVD), that may also be provided thereto, shown as an example to illustrate that the user 30 may register all three BIVS 36, 102, 104 with the IBSM system 60 and then utilize any of the registered BIVS for necessary identity verification therewith.

Similarly, as another example, a user 112, having an InfoTr system 114, may be provided with a separate BIVS/EDA standalone security device 116, capable of performing the functions of a BIVS 120 and of an EDA 118, which may be local to the user 112, or which the user 112 may utilize through a communication link 122 (for example, if the device 116 is a voice recognition based device, the user 112 may contact the device 116 through their InfoTr system 114 and provide the necessary voice sample). In one example of utilization of the SITM system 100, the user 20 may transfer the SIT 52 to the user 30 with one set of Recipient_INFO (see Process 400, FIG. 5), and also send the same SIT 52 to the user 112, with a different Recipient_INFO.

Referring now to FIG. 3, a SITM system 200 is shown, that includes all of the components of the SITM systems 10 (FIG. 1A) and 100 (FIG. 2), but that also includes an additional group of users, shown as a private network 202. The private network 202 may include an InfoTr server 204 (e.g. a robust computer, such as a server, or group of servers), equipped with an EDA 206, and additional users 208, 214 having corresponding InfoTr systems 210, 122, supplied with corresponding BIVSs 212, 218, and optional EDAs 220, 222. In the SITM system 200, certain functionality of the individual InfoTr systems of the users, and/or of the IBSM system 60, may be taken over by the InfoTr server 204. For example, the InfoTr server 204 may utilize a powerful EDA 206 to perform all decryption operations (upon successful recipient identity verification) on a SIT 232, sent by the user 112, arriving at the private network 202 via a communication link 230, and designated for one, or both, of the users 208, 214, and/or also perform the encryption operations on a SIT 228, sent from the private network 202 via a communication link 226 to the user 20 by one of the users 208, 214.

Referring now to FIG. 4, an alternate embodiment of the inventive SITM system of FIG. 1A is shown, that enables registered users to control and verify access to stored content by other parties by specifying one or more other registered users, and optionally by specifying one or more criteria for accessing certain content (similarly to as described above in connection with access to information in the SITs). The users 20 and 30, as well as their respective InfoTr systems 22, 32, EDAs 24, 34, and BIVSs 26, 36, are as described above in connection with FIG. 1A. Similarly, the additional users 330 and 340, shown by way of example, have access to their respective InfoTr systems 332, 342, EDAs 334, 344, and BIVSs 336, 346, and may communicate with the IBSM system 60 via respective communication links 350, 352. All of the InfoTr systems 22, 32, 332, 324 are able to communicate with a content system 302 via respective communication links 354, 356, 358 and 360. As noted above, in connection with FIG. 1A, the various communication links shown in FIG. 4 may be similar to at least some of the other links, or may be all of the same configuration (e.g., the Internet).

The content system 302 preferably includes at least one item of content (see Table 1, definition #7), with three content items 304, 306, and 308 being shown by way of example. A particular user who owns, or is authorized to control access to, a particular content item or items, creates a secure content access profile (SCA_Profile) that may be stored with the content item, or at the IBSM system 60, and that provides criteria for accessing the content item, that may be as simple or as complex as the user chooses. For example, if the user 20 owns content 304, they may specify in a SCA_Profile 310 that only users 30 and 344 may access the content item 304 upon successful identity verification by the IBSM system 60, and that the access granted to the user 330 expires after 10 days of being granted.

In another example, the user 30 controls access to the content item 306, which includes separate content items 312, 314 (while two are shown by way of example, a content item may include an unlimited number of other content items in a flat or a hierarchical architecture), and the user 30 may define separate SCA_Profiles 316, 318 therefor, or may define different access rules for each separate content item 312, 314 in one SCA_Profile.

In yet another example, the user 330 may define multiple SCA_Profiles 320 for content item 308, for example, based on time, specific authorized access users, and/or on other criteria. In addition, content item 308 (and of course any other content item) may include an optional content access record (CA_Record) 322, that includes information related to access to the content item, and optionally, related to failed access attempts.

Optionally, in one embodiment of the inventive SITM system 300, the IBSM system 60 and the content system 302 may be implemented as a single system 364. This may be advantageous in applications where a large number of content items are to be managed, and/or where there is a large quantity of complex SCA_Profiles, and/or when content items are encrypted—i.e. in situations that may require an IBSM system 60 dedicated to supporting the content system. Alternately, the content system 302 may be implemented in a particular user's own InfoTr system. Of course, it should also be noted that the functionality described in connection with the SITM system 300 may be readily combined with SITM systems 10, 70, 100, and 200, described above in connection with FIGS. 1A, 1B, 2, and 3, respectively, because any embodiment of the novel SITM system can readily support both functionality related to verified secure information transmission and functionality related to secured access control.

In an alternate embodiment of the invention, the same principles of SITM system 300 implementation, as are described above in their application to content access control, may be readily extended to include physical access control, whether location based (e.g., a door), or item based (e.g., a safe, a computer).

Referring finally to FIG. 6, an exemplary embodiment of a process 500 for demonstrating the process of secured content access utilizing the inventive SITM system (for example, the SITM system 300 of FIG. 4) is shown. As a matter of design choice, the various steps of this process may be executed by different components of the inventive SITM system 300 of FIG. 4.

The process 500 preferably includes two portions—(1) a configuration portion 502, which includes steps 506 to 510, and which is directed to configuring the SITM system 300 for the owner thereof, and (2) an access control portion 504, which includes steps 512 to 520, and which is directed to controlling access to the content stored on the content system.

The process 500 may begin at an optional step 506, where the user may provide one or more content items to a content system to be secured. If the content item (or items) to be secured is already present on the content system, the process 500 begins at a step 508, where the user creates a SCA_Profile that provides criteria for accessing the content item by one or more other parties registered with the IBSM system component of the inventive SITM system. At an optional step 510, the process 500 encrypts the user's content item (this step is optional because it is possible to control access to content without encrypting it)—this concludes the configuration portion 502 of the process 500.

Later, at a step 512, a different user attempts to access secured content, and at a step 514, transmits biometric information acquired through their BIVS in the form of a User_BIVE to the IBSM system (along with any other information that may be required by the SCA_Profile), whereupon the IBSM system verifies the supplied User_BIVE (and other information, if any) against the UBIV_Elements stored in the UBIV_Record of the USER_Record of the user.

Upon successful verification, at a step 516, the user is granted access to the content item in accordance with the rules specified in the SCA_Profile for that content item (if any were defined), and may access the content at a step 518. At an optional step 520, the process 500 records events relating to various steps thereof in the CA_Record of the content item.
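The access control portion of process 500 (steps 512 to 520), worked through as an added example that is not part of the patent text: an SCA_Profile holding per-user rules (one with the 10-day expiry from the content 304 example), the IBSM verification result checked before the profile, and a CA_Record that logs successful and failed attempts. The class and field names, the user identifiers and the timestamps are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Added example, not the patent's code. An SCA_Profile is modelled as per-user
# access rules, each optionally expiring a fixed time after access was granted.


@dataclass
class AccessRule:
    user_id: str
    granted_at: datetime                    # when the owner granted access
    valid_for: Optional[timedelta] = None   # None means the grant never expires

    def is_valid(self, now: datetime) -> bool:
        return self.valid_for is None or now < self.granted_at + self.valid_for


@dataclass
class SCAProfile:
    content_id: str
    rules: dict = field(default_factory=dict)   # user_id -> AccessRule

    def allows(self, user_id: str, now: datetime) -> bool:
        rule = self.rules.get(user_id)
        return rule is not None and rule.is_valid(now)


@dataclass
class CARecord:
    """Content access record: successful accesses and failed attempts alike."""
    events: list = field(default_factory=list)

    def log(self, now: datetime, user_id: str, step: int, outcome: str):
        self.events.append((now.isoformat(), user_id, step, outcome))


def request_access(profile, ca_record, user_id, ibsm_verified, now):
    """Steps 512-520: IBSM verification first, then the SCA_Profile rules."""
    if not ibsm_verified:
        ca_record.log(now, user_id, 514, "identity verification failed")
        return False
    if not profile.allows(user_id, now):
        ca_record.log(now, user_id, 516, "denied by SCA_Profile")
        return False
    ca_record.log(now, user_id, 518, "content accessed")
    return True


def demo():
    t0 = datetime(2006, 4, 14, 9, 0)        # constructed grant time
    profile = SCAProfile("content_304", {
        "user_30": AccessRule("user_30", t0),                        # no expiry
        "user_330": AccessRule("user_330", t0, timedelta(days=10)),  # 10 days
    })
    rec = CARecord()
    results = (
        request_access(profile, rec, "user_30", True, t0 + timedelta(days=30)),
        request_access(profile, rec, "user_330", True, t0 + timedelta(days=9)),
        request_access(profile, rec, "user_330", True, t0 + timedelta(days=10)),
        request_access(profile, rec, "user_340", True, t0),   # not in profile
        request_access(profile, rec, "user_30", False, t0),   # User_BIVE rejected
    )
    return results, rec.events
```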

Referring now to FIG. 7, an exemplary embodiment of an advantageous initial user enrollment/registration process is shown as the initial user enrollment process 600. The initial user enrollment process 600 may be advantageously utilized in conjunction with any embodiments of the inventive SITM systems 10, 70, 100, 200, and 400, described above in connection with FIGS. 1A, 1B, 2, 3, and 4, respectively.

The process 600 starts at a step 602 when a user, or an authorized person (such as an organization's security administrator), initiates enrollment. At a step 604, the process 600 creates a USER_Record for the user being registered (hereinafter the “registrant”). At a step 606, the process 600 obtains USER_Data from the registrant and stores it in the corresponding USER_Record created at the step 604. The USER_Data must be sufficient to identify the registrant and may optionally include certain personal information, password(s), and security questions and answers that may be utilized during future enrollments of additional BIVS(s) (as described in greater detail below in connection with FIG. 8).

Then, at a step 608, the process 600 verifies the identity of the registrant. This may be readily done by a security administrator overseeing the process 600 in an organizational setting, or through other well known identity verification means (e.g., by sending an email to the registrant's email address with a verification code, by calling and speaking with the registrant, or even by physically mailing a verification code to the registrant's address).

At a step 610, the process 600 creates a UBIV_Record for the registrant's biometric enrollments: first, at a step 612, by generating the UBIV_Record configured to store and utilize multiple concurrent UBIV_Elements generated from enrollment through multiple BIVS(s) and storing it in the USER_Record, and second, at a step 614, by generating UBIV_Element_1 through UBIV_Element_X, utilizing the enrollment function of each BIVS to be used by the registrant (BIVS_1 to BIVS_N) to generate the corresponding UBIV_Element_1 to UBIV_Element_X, and storing them in the registrant's UBIV_Record. Optionally, if there is a pre-existing biometric security system (not shown) that comprises records with biometric enrollments for one or more users, and that can communicate with the inventive SITM system being used, the IBSM system can, as part of the registration process, readily import existing biometric enrollments as UBIV_Element(s) for each user into the UBIV_Record stored in their individual USER_Record. In this case, a user having such previously obtained biometric enrollment(s) for specific BIVS(s) would not need to repeat the enrollment procedure for those systems/devices.

If a SECURITY_Policy does not already exist for the SITM system being used, at an optional step 616, the process 600 enables the registrant to generate a SECURITY_Policy (and to define corresponding security protocol(s)), and enables the registrant to provide ENROLL_Data that may be stored in the USER_Record and later used to verify the registrant's identity remotely when enrolling additional BIVS(s), for example as described below in connection with FIG. 8. At a step 618, the process 600 applies the SECURITY_Policy of the owner or subscriber of the SITM system being utilized to the USER_Record (or applies the SECURITY_Policy generated by the user at the optional step 616), and ends at a step 620.

Referring now to FIG. 8, a novel adaptive process for adding additional BIVS enrollments to the USER_Record of a user is shown as an adaptive additional BIVS enrollment process 700. The process 700 advantageously relies on the capability of UBIV_Records to store and use a virtually unlimited number of UBIV_Elements for virtually any BIVS in each USER_Record, by providing users with the ability to readily, and in certain cases transparently, add support for additional new BIVS to their USER_Record.

The process 700 begins at a step 702 when the user initiates the addition of support, in their USER_Record, for a new BIVS, by starting to utilize a new BIVS (BIVS_NEW) at a step 704, for example by using it in conjunction with a function of the SITM system being used (such as to transmit a SIT to a recipient from an InfoTr system having a BIVS_NEW that is not enrolled in the user's USER_Record). At a step 706, the process 700 generates the BIVS output that is normally generated during ordinary use of the BIVS_NEW as UBIV_Data_NEW (such as a template or image for fingerprint recognition, or an iris image capture for an iris scanner, etc.) and transmits it to the IBSM system.

In a preferred embodiment of the present invention, the process 700 is adaptive and includes optional steps 708 and 710. If the process 700 is not configured to be adaptive, after step 706 it proceeds to a step 714. At the step 708, the process 700 determines whether the UBIV_Data_NEW received by the IBSM system meets a predetermined UBIVE_Threshold of any existing UBIV_Element in the UBIV_Record. The UBIVE_Threshold (defined in Table 1) is representative of the minimum similarity between a submitted UBIV_Data_NEW and one or more currently stored UBIV_Elements that would enable acceptable identity verification of the user by comparing the submitted UBIV_Data_NEW that meets the UBIVE_Threshold with the closest matching existing UBIV_Element stored in the UBIV_Record. The ENROLL_Policy of the USER_Record's SECURITY_Policy preferably stores the UBIVE_Threshold. If the UBIV_Data_NEW meets or exceeds the UBIVE_Threshold, then, at the step 710, the process 700 utilizes the closest matching existing UBIV_Element stored in the UBIV_Record to verify the user's identity without forcing the user to formally enroll the BIVS_NEW in the USER_Record. This adaptive approach is advantageous because it enables users of the novel SITM system to readily utilize BIVSs which they never formally enrolled, transparently and “on-the-fly”. For example, if the BIVS_NEW is a new model of a fingerprint scanner, the UBIV_Data_NEW sent to the IBSM system is the captured fingerprint image and/or template, and the UBIVE_Threshold is 75%, then the user would be able to utilize the BIVS_NEW for identity verification as long as the process 700 determines that there is at least a 75% match between the UBIV_Data_NEW and at least one of the UBIV_Elements stored in the UBIV_Record. The process 700 then ends at a step 712.

If the UBIV_Data_NEW is not sufficient to meet the UBIVE_Threshold (or if the process 700 is not adaptive), the process 700 proceeds to the step 714, at which it verifies the user's identity in accordance with the SECURITY_Policy in the USER_Record. This may be readily done by a security administrator overseeing the process 700 in an organizational setting, by using another BIVS connected to the same system as the BIVS_NEW, or through other well known identity verification means (e.g., by sending an email to the registrant's email address with a verification code, by calling and speaking with the registrant, or even by physically mailing a verification code to the registrant's address). Optionally, if the user provided ENROLL_Data during the process 600 of FIG. 7, the ENROLL_Data can be used to simplify the identity verification during the process 700, for example by the user answering one or more predetermined security questions.

At a step 716, the process 700 utilizes the standard BIVS_NEW enrollment procedure to generate a corresponding UBIV_Element_NEW, and, at a step 718, stores the UBIV_Element_NEW in the UBIV_Record, thus enabling the user to readily utilize the BIVS_NEW alone or in conjunction with other previously enrolled BIVS(s).
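The adaptive enrollment process 700 (steps 706 to 718), as an added example that is not the patent's code: a UBIV_Record holding one UBIV_Element per enrolled BIVS, the UBIVE_Threshold check of step 708 against the closest stored element, the step 714 fallback to SECURITY_Policy verification, and the formal enrollment of steps 716 to 718. Templates are modelled as constructed bit strings with a fraction-of-equal-bits similarity, which is an assumption standing in for a real BIVS matcher; the 0.75 threshold is the 75% from the text.

```python
from dataclasses import dataclass, field

# Added example, not the patent's code. A UBIV_Element is modelled as a
# constructed bit-string template; similarity is the fraction of equal bits.


def similarity(a: str, b: str) -> float:
    """Fraction of positions where two equal-length templates agree."""
    assert len(a) == len(b)
    return sum(x == y for x, y in zip(a, b)) / len(a)


@dataclass
class UBIVRecord:
    elements: dict = field(default_factory=dict)   # bivs_id -> UBIV_Element

    def closest(self, ubiv_data_new: str):
        """(bivs_id, score) of the best matching stored element (step 708)."""
        if not self.elements:
            return None, 0.0
        scored = ((k, similarity(v, ubiv_data_new)) for k, v in self.elements.items())
        return max(scored, key=lambda kv: kv[1])


@dataclass
class UserRecord:
    user_id: str
    ubiv: UBIVRecord
    ubive_threshold: float       # from the ENROLL_Policy of the SECURITY_Policy
    adaptive: bool = True        # whether optional steps 708/710 are enabled


def use_new_bivs(user, bivs_new_id, ubiv_data_new, policy_verified):
    """Steps 706-718 for one use of an unenrolled BIVS_NEW; returns (ok, how)."""
    if user.adaptive:
        match_id, score = user.ubiv.closest(ubiv_data_new)
        if match_id is not None and score >= user.ubive_threshold:
            # Step 710: verify with the closest existing element, no enrollment.
            return True, f"adaptive match on {match_id} ({score:.3f})"
    # Step 714: SECURITY_Policy verification (administrator, another enrolled
    # BIVS, ENROLL_Data questions, ...) is modelled here as a boolean input.
    if not policy_verified:
        return False, "identity not verified; BIVS_NEW not enrolled"
    # Steps 716-718: formal enrollment, stored alongside the existing elements.
    user.ubiv.elements[bivs_new_id] = ubiv_data_new
    return True, f"enrolled {bivs_new_id}"


def demo():
    enrolled = "1011001110100101"                        # constructed template
    user = UserRecord("user_20", UBIVRecord({"BIVS_1": enrolled}), 0.75)
    similar = "1011001110100000"    # 2 of 16 bits differ -> 14/16 = 0.875
    different = "0100110001011010"  # bitwise complement -> 0.0
    r1 = use_new_bivs(user, "BIVS_NEW_A", similar, False)     # adaptive path
    r2 = use_new_bivs(user, "BIVS_NEW_B", different, False)   # rejected
    r3 = use_new_bivs(user, "BIVS_NEW_B", different, True)    # formal enrollment
    return r1[0], r2[0], r3[0], sorted(user.ubiv.elements)
```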

Finally, it should also be noted that while the various above-described embodiments of the novel SITM system provide for securing (e.g., encrypting) the transferred information between the parties, the inventive system and method may also be readily utilized for sender and/or recipient identity verification only, without the transferred information being secured in any way. This alternate embodiment of the inventive system and method may be advantageous for applications where security and control of access to transferred data is not important, but where verification of the identity of the sender and/or of the recipient accessing the information is necessary and/or desired.

Thus, while there have been shown, described and pointed out fundamental novel features of the invention as applied to preferred embodiments thereof, it will be understood that various omissions, substitutions and changes in the form and details of the devices and methods illustrated, and in their operation, may be made by those skilled in the art without departing from the spirit of the invention. For example, it is expressly intended that all combinations of those elements and/or method steps which perform substantially the same function in substantially the same way to achieve the same results are within the scope of the invention. It is the intention, therefore, to be limited only as indicated by the scope of the claims appended hereto.

1-20. (canceled)
21. A method of independent biometric identification of a user comprising the steps of: receiving an access request from a user's system; forwarding the user's system to an independent remote biometric identification server, wherein the independent remote biometric identification server obtains the user's biometric characteristics using a capture device connected to the user's system; receiving from the user's system an access token created by the independent remote biometric identification server after successfully identifying the user by comparing said obtained biometric characteristics to templates stored in a database; requesting from the independent remote biometric identification server information associated with the access token; receiving the information associated with the access token from the independent remote biometric identification server; and deciding whether to grant access to the user's system based on the information associated with the access token.

22. The method of independent biometric identification of a user according to claim 21, further comprising the steps of managing the independent biometric identification server using a biometric administration agent.
23. The method of independent biometric identification of a user according to claim 21, wherein said biometric characteristics comprise one or more of a human fingerprint, human iris feature, human retina feature, hand feature, human facial feature, human voice, or human writing style.
24. The method of independent biometric identification of a user according to claim 23, wherein each of the one or more biometric characteristics are compared to the templates stored in the database in a single authentication session.
25. The method of independent biometric identification of a user according to claim 21, wherein each of the steps is performed in a single authentication session.
26. A method of independent biometric identification of a user comprising the steps of: receiving an access request from an application server, which is independent from a user's system; providing a user's system with a software component that allows the user to capture the user's biometric characteristics with a capture device connected to the user's system; receiving the obtained biometric characteristics from the user's system; comparing the transmitted biometric characteristics with templates stored in a database in order to identify the user; if the user is successfully identified, providing an access token to the user's system, wherein the user's system subsequently provides the access token to the application server in order for the application server to request information associated with the access token; receiving the access token from the application server; and upon receipt of the access token from the application server, providing the application server with information associated with the access token to allow the application server to decide whether to grant access to resources to the user.

27. The method of independent biometric identification of a user according to claim 32, wherein each of the steps is performed in a single authentication session.
28. The method of claim 32, wherein the access token expires after the information associated with the access token is provided to the application server.
29. The method of independent biometric identification of a user according to claim 32, wherein said biometric characteristics comprise one or more of a human fingerprint, human iris feature, human retina feature, hand feature, human facial feature, human voice, or human writing style.
30. The method of independent biometric identification of a user according to claim 32, wherein each of the one or more biometric characteristics are compared to the templates stored in the database in a single authentication session.
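The token exchange of claims 26 and 28, as an added example that is not the patent's code: the application server forwards an access request to the biometric identification server, the server identifies the user against stored templates and issues an access token to the user's system, the application server redeems the token for the associated information, and the token expires once that information has been provided, so a replayed token yields nothing. Identification is modelled as an exact template match, and the request identifiers, user identifiers and templates are constructed assumptions.

```python
import secrets
from dataclasses import dataclass, field

# Added example, not the patent's code: the access-token exchange of claims
# 26-28. Identification is modelled as an exact match against a stored template.


@dataclass
class BiometricServer:
    templates: dict                              # user_id -> enrolled template
    pending: set = field(default_factory=set)    # open application-server requests
    tokens: dict = field(default_factory=dict)   # token -> associated information

    def receive_access_request(self, request_id: str):
        """An application server (independent of the user's system) asks for the
        user to be identified; the capture component would be provided next."""
        self.pending.add(request_id)

    def identify(self, request_id: str, user_id: str, captured: str):
        """Compare the captured characteristics with the stored template and,
        on success, return an access token for the user's system."""
        was_pending = request_id in self.pending
        self.pending.discard(request_id)
        if not was_pending or self.templates.get(user_id) != captured:
            return None
        token = secrets.token_hex(16)
        self.tokens[token] = {"user_id": user_id, "request_id": request_id}
        return token

    def redeem(self, token: str):
        """Return the information associated with the token. The token expires
        as soon as the information has been provided (claim 28)."""
        return self.tokens.pop(token, None)


@dataclass
class ApplicationServer:
    bio: BiometricServer
    authorized: set                              # users allowed at this server

    def access_request(self, request_id: str):
        self.bio.receive_access_request(request_id)

    def grant(self, request_id: str, token) -> bool:
        """Decide on access from the information behind the token, which must
        belong to this request and name a user this server authorizes."""
        info = self.bio.redeem(token) if token else None
        return (info is not None and info["request_id"] == request_id
                and info["user_id"] in self.authorized)


def demo():
    bio = BiometricServer({"user_20": "tmpl-20", "user_30": "tmpl-30"})  # constructed
    app = ApplicationServer(bio, authorized={"user_20"})
    app.access_request("req-1")
    tok = bio.identify("req-1", "user_20", "tmpl-20")   # user's system captures
    first = app.grant("req-1", tok)                     # token redeemed once
    replay = app.grant("req-1", tok)                    # expired: replay fails
    app.access_request("req-2")
    none = bio.identify("req-2", "user_30", "wrong")    # mismatch: no token
    app.access_request("req-3")
    unauth = app.grant("req-3", bio.identify("req-3", "user_30", "tmpl-30"))
    return first, replay, none is None, unauth
```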